Sep 28 2023 06:03 AM
Hi
New to Bicep and learning it by deploying a mini environment in my lab. I am using the same code base as defined here: https://rozemuller.com/avd-automation-cocktail-avd-with-bicep-and-azure-cli/#azure-compute-gallery but I have made some alterations to it as I am trying to create a gen2 Trusted Launch VM to be used instead of a standard SecurityType defined in this blog.
resource vm 'Microsoft.Compute/virtualMachines@2023-03-01' = { // Security profile properties... securityProfile: { uefiSettings: { secureBootEnabled: true vTpmEnabled: true } securityType: 'TrustedLaunch' } diagnosticsProfile: { bootDiagnostics: { enabled: true } } }
When I come to run the main.bicep file alongside the parameters which then pulls the various modules depending on where it is in the build it goes through the process of deploying the gallery image but fails with the error:
The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/<mysubscriptionID>/resourceGroups/uks-rb81-vdi-avd-hpl-priv-001-01/providers/Microsoft.Compute/galleries/uksbldglbssvgal01/images/uks-img-Windows-desktop-11-gen2-22h2-priv-tl-001/versions/2023.09.26) The source 'subscriptions/<mysubscriptionID>/resourceGroups/rg-Win11-template/providers/Microsoft.Compute/virtualMachines/i4xsd3rrtnobm-vm' has security type 'TrustedLaunch' and cannot be used as a source for an image definition with SecurityType feature set to 'None'. (Code: Conflict)
I am really confused where I need to set this, I thought it would be under the bicep file deploy-shared-image-gallery.bicep but then when I declare the params and resource as
Oct 11 2023 08:17 AM
Solution
Thought I would add, managed to resolve in the end. I needed to add features into the deploy-shared-image-gallery.bicep file
features: [
{
name: 'SecurityType'
value: 'TrustedLaunch'
}
]
at the point when it creates the resource galleryDefinition after it declares the hyperVGeneration. What I found is its not well documented at the moment.
Oct 11 2023 08:17 AM
Solution
Thought I would add, managed to resolve in the end. I needed to add features into the deploy-shared-image-gallery.bicep file
features: [
{
name: 'SecurityType'
value: 'TrustedLaunch'
}
]
at the point when it creates the resource galleryDefinition after it declares the hyperVGeneration. What I found is its not well documented at the moment.